151 lines
5.8 KiB
Diff
151 lines
5.8 KiB
Diff
* dropped hunk that modified src/lib/krb5_32.def
|
|
* adjusted to apply to 1.9.1
|
|
* try to keep the old symbol name around in case someone's basing which one
|
|
they use on a version check (a wild guess, but it's inexpensive to do it)
|
|
|
|
commit 297cb47b92892daa52092c932bc5345b2fcb9285
|
|
Author: ghudson <ghudson@dc483132-0cff-0310-8789-dd5450dbe970>
|
|
Date: Wed Oct 12 16:34:07 2011 +0000
|
|
|
|
ticket: 6974
|
|
subject: Make krb5_pac_sign public
|
|
|
|
krb5int_pac_sign was created as a private API because it is only
|
|
needed by the KDC. But it is actually used by DAL or authdata plugin
|
|
modules, not the core KDC code. Since plugin modules should not need
|
|
to consume internal libkrb5 functions, rename krb5int_pac_sign to
|
|
krb5_pac_sign and make it public.
|
|
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25325 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
diff --git a/src/include/k5-int.h b/src/include/k5-int.h
|
|
index 1682a34..d2498a8 100644
|
|
--- a/src/include/k5-int.h
|
|
+++ b/src/include/k5-int.h
|
|
@@ -2786,15 +2786,6 @@ k5alloc(size_t len, krb5_error_code *code)
|
|
}
|
|
|
|
krb5_error_code KRB5_CALLCONV
|
|
-krb5int_pac_sign(krb5_context context,
|
|
- krb5_pac pac,
|
|
- krb5_timestamp authtime,
|
|
- krb5_const_principal principal,
|
|
- const krb5_keyblock *server_key,
|
|
- const krb5_keyblock *privsvr_key,
|
|
- krb5_data *data);
|
|
-
|
|
-krb5_error_code KRB5_CALLCONV
|
|
krb5_get_credentials_for_user(krb5_context context, krb5_flags options,
|
|
krb5_ccache ccache,
|
|
krb5_creds *in_creds,
|
|
diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin
|
|
index 3d9dbbf..3327977 100644
|
|
--- a/src/include/krb5/krb5.hin
|
|
+++ b/src/include/krb5/krb5.hin
|
|
@@ -7495,6 +7495,27 @@ krb5_pac_verify(krb5_context context, const krb5_pac pac,
|
|
krb5_timestamp authtime, krb5_const_principal principal,
|
|
const krb5_keyblock *server, const krb5_keyblock *privsvr);
|
|
|
|
+/**
|
|
+ * Sign a PAC.
|
|
+ *
|
|
+ * @param [in] context Library context
|
|
+ * @param [in] pac PAC handle
|
|
+ * @param [in] authtime Expected timestamp
|
|
+ * @param [in] principal Expected principal name (or NULL)
|
|
+ * @param [in] server Key for server checksum
|
|
+ * @param [in] privsvr Key for KDC checksum
|
|
+ * @param [out] data Signed PAC encoding
|
|
+ *
|
|
+ * This function signs @a pac using the keys @a server and @a privsvr and
|
|
+ * returns the signed encoding in @a data. @a pac is modified to include the
|
|
+ * server and KDC checksum buffers. Use krb5_free_data_contents() to free @a
|
|
+ * data when it is no longer needed.
|
|
+ */
|
|
+krb5_error_code KRB5_CALLCONV
|
|
+krb5_pac_sign(krb5_context context, krb5_pac pac, krb5_timestamp authtime,
|
|
+ krb5_const_principal principal, const krb5_keyblock *server_key,
|
|
+ const krb5_keyblock *privsvr_key, krb5_data *data);
|
|
+
|
|
/* Allows the appplication to override the profile's allow_weak_crypto setting.
|
|
* Primarily for use by aklog. */
|
|
krb5_error_code KRB5_CALLCONV
|
|
diff --git a/src/lib/krb5/krb/pac_sign.c b/src/lib/krb5/krb/pac_sign.c
|
|
index ae11a0c..26b1f13 100644
|
|
--- a/src/lib/krb5/krb/pac_sign.c
|
|
+++ b/src/lib/krb5/krb/pac_sign.c
|
|
@@ -190,6 +190,15 @@ k5_pac_encode_header(krb5_context context, krb5_pac pac)
|
|
const krb5_keyblock *server_key,
|
|
const krb5_keyblock *privsvr_key,
|
|
krb5_data *data)
|
|
+{
|
|
+ return krb5_pac_sign(context, pac, authtime, principal,
|
|
+ server_key, privsvr_key, data);
|
|
+}
|
|
+
|
|
+krb5_error_code KRB5_CALLCONV
|
|
+krb5_pac_sign(krb5_context context, krb5_pac pac, krb5_timestamp authtime,
|
|
+ krb5_const_principal principal, const krb5_keyblock *server_key,
|
|
+ const krb5_keyblock *privsvr_key, krb5_data *data)
|
|
{
|
|
krb5_error_code ret;
|
|
krb5_data server_cksum, privsvr_cksum;
|
|
diff --git a/src/lib/krb5/krb/t_pac.c b/src/lib/krb5/krb/t_pac.c
|
|
index 9e96b69..61fb51a 100644
|
|
--- a/src/lib/krb5/krb/t_pac.c
|
|
+++ b/src/lib/krb5/krb/t_pac.c
|
|
@@ -149,10 +149,10 @@ main(int argc, char **argv)
|
|
if (ret)
|
|
err(context, ret, "krb5_pac_verify");
|
|
|
|
- ret = krb5int_pac_sign(context, pac, authtime, p,
|
|
- &member_keyblock, &kdc_keyblock, &data);
|
|
+ ret = krb5_pac_sign(context, pac, authtime, p,
|
|
+ &member_keyblock, &kdc_keyblock, &data);
|
|
if (ret)
|
|
- err(context, ret, "krb5int_pac_sign");
|
|
+ err(context, ret, "krb5_pac_sign");
|
|
|
|
krb5_pac_free(context, pac);
|
|
|
|
@@ -204,10 +204,10 @@ main(int argc, char **argv)
|
|
}
|
|
free(list);
|
|
|
|
- ret = krb5int_pac_sign(context, pac2, authtime, p,
|
|
- &member_keyblock, &kdc_keyblock, &data);
|
|
+ ret = krb5_pac_sign(context, pac2, authtime, p,
|
|
+ &member_keyblock, &kdc_keyblock, &data);
|
|
if (ret)
|
|
- err(context, ret, "krb5int_pac_sign 4");
|
|
+ err(context, ret, "krb5_pac_sign 4");
|
|
|
|
krb5_pac_free(context, pac2);
|
|
|
|
@@ -283,10 +283,10 @@ main(int argc, char **argv)
|
|
krb5_free_data_contents(context, &data);
|
|
}
|
|
|
|
- ret = krb5int_pac_sign(context, pac, authtime, p,
|
|
- &member_keyblock, &kdc_keyblock, &data);
|
|
+ ret = krb5_pac_sign(context, pac, authtime, p,
|
|
+ &member_keyblock, &kdc_keyblock, &data);
|
|
if (ret)
|
|
- err(context, ret, "krb5int_pac_sign");
|
|
+ err(context, ret, "krb5_pac_sign");
|
|
|
|
krb5_pac_free(context, pac);
|
|
|
|
diff --git a/src/lib/krb5/libkrb5.exports b/src/lib/krb5/libkrb5.exports
|
|
index e31ebb9..c4a0015 100644
|
|
--- a/src/lib/krb5/libkrb5.exports
|
|
+++ b/src/lib/krb5/libkrb5.exports
|
|
@@ -465,6 +465,7 @@ krb5_pac_get_buffer
|
|
krb5_pac_get_types
|
|
krb5_pac_init
|
|
krb5_pac_parse
|
|
+krb5_pac_sign
|
|
krb5_pac_verify
|
|
krb5_parse_name
|
|
krb5_parse_name_flags
|